First identified in 2014, Emotet evolved from a niche banking Trojan into what was classified this year by Europol as one of the most prevalent strains of malware in the world. The sheer scale of Emotet’s impact on organisations means that its disruption by authorities in early 2021 ranks as one of the most significant takedowns in cyber security history.

The report is based on an analysis of more than 18,000 Common Vulnerabilities and Exposures (CVEs) logged to NIST’s National Vulnerability Database in 2020. It reveals that well over half (57%) were rated ‘high’ or ‘critical’ severity – the highest recorded figure for any year to date. Our analysis also looks beyond severity scores, detailing the rise of low complexity vulnerabilities as well as those which require no user interaction to exploit.